Senior GRC Engineer

Who is Flock?

Every community deserves to be safe, it's a fundamental right. Our mission is simple - to build technology that reduces crime and protects privacy. Flock partners with cities, businesses, schools, and neighborhoods to help protect where people live, work, and play. Last year, Flock technology supported over 1 million criminal investigations. We've also helped solve approximately 20% of reported crimes in areas where we're deployed, and have played a role in locating more than 10,000 missing people.

We are a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact. The work is fast-paced and the expectations are high. We push beyond perceived limits, support each other, and hold ourselves accountable to delivering results that matter.

With over $1B in funding and an $8.3B valuation, we are scaling with intention and investing in the people who will help us build what others said could not be done. At Flock, you will find the opportunity to grow quickly, take on real responsibility, and contribute to something bigger than yourself.

The Opportunity

We are hiring a Senior GRC Engineer to build and scale an engineering-driven, automation-first, and AI-enabled approach to Governance, Risk, and Compliance (GRC).

This role goes far beyond traditional GRC. You will design and implement intelligent, automated systems that integrate directly into our engineering and cloud environments-transforming compliance from a manual, point-in-time exercise into a continuous, real-time capability.

You will leverage automation, data pipelines, and emerging AI/LLM capabilities to reduce manual effort, improve signal quality, and enable proactive risk management.

This is a high-impact role at the intersection of security engineering, compliance, and data-helping evolve GRC into a measurable, scalable, and product-aligned function.

The Skillset

Build GRC Engineering Capabilities

• Design and implement policy-as-code and compliance-as-code frameworks
• Automate control testing and evidence collection using cloud and CI/CD telemetry
• Integrate GRC processes with engineering tools and workflows
• Develop reusable tooling and internal platforms for scalable, self-service compliance
• Build and deploy production-grade automation leveraging LLMs and AI tooling (e.g., for control mapping, evidence analysis, and anomaly detection)
• Own the design, development, and maintenance of core GRC automation systems and services

Drive Risk Visibility and Measurement

• Develop KPIs and KRIs using engineering and cloud data
• Support risk quantification efforts using frameworks such as FAIR
• Maintain and improve the security risk register
• Apply data modeling and AI techniques to identify emerging risks and reduce false positives
• Build automated risk scoring and prioritization models using real-time engineering and security data

Support Audits and Certifications

• Lead and support audits including SOC 2, ISO 27001, ISO 27701, FedRAMP and CJIS
• Build automated audit readiness and continuous compliance processes
• Serve as a key point of contact for internal and external auditors

Partner Across the Business

• Work with Product and Engineering teams on security and privacy requirements
• Support customer security reviews, RFIs, and trust center initiatives
• Collaborate with Legal and Privacy teams on regulatory alignment

Third-Party Risk Management

• Automate vendor assessments using AI-assisted questionnaire analysis and response validation
• Build workflows to ingest, analyze, and score third-party risk data at scale

What You Bring

Experience

• 5+ years in GRC, security engineering, or related roles
• Experience working in cloud-native environments, AWS is a must
• Experience supporting audits such as SOC 2, ISO 27001, or similar
• Relevant certifications such as CISA, CRISC, FAIR, AWS Security Specialty, ISO 27001/42001 Lead Auditor certifications a plus

Technical Skills

• Experience integrating security and compliance into CI/CD pipelines
• Ability to work with APIs, automation tools, or scripting languages
• Experience implementing policy-as-code, compliance-as-code, or security-as-code frameworks
• Familiarity with tools such as Terraform, CloudFormation, or similar IaC frameworks

AI & Automation Mindset

• Thinks in terms of systems and scale, not manual tasks-automating repetitive work wherever possible
• Curious about and experienced with applying AI to operational problems, especially in security or compliance
• Comfortable experimenting with emerging technologies and rapidly evolving tooling
• Focused on signal over noise, reducing manual overhead while increasing accuracy

GRC Expertise

• Strong understanding of frameworks such as SOC2 Type II, NIST 800-53, ISO 27001, and CJIS
• Experience with third-party risk management and vendor assessments
• Ability to translate regulatory requirements into technical controls

Mindset

• Automation-first thinking
• Strong problem-solving skills and ownership mentality
• Ability to balance security, compliance, and business needs
• Ability tocollaborate effectively with engineering, security, and business stakeholders

What Success Looks Like

• GRC processes are automated and integrated into engineering workflows
• Audit readiness becomes continuous rather than periodic
• Risk is measured using real-time data and clear metrics, tied to revenue
• Engineering teams experience GRC as an enabler, not a blocker
• Customer trust and security assurance scale with company growth
• Manual GRC processes are replaced with intelligent, automated workflows
• AI-assisted systems reduce audit preparation time and improve evidence quality
• GRC insights directly influence engineering prioritization and business decision-making

Feeling uneasy that you haven't ticked every box? That's okay; we've felt that way too. Studies have shown women and minorities are less likely to apply unless they meet all qualifications. We encourage you to break the status quo and apply to roles that would make you excited to come to work every day.

90 Days at Flock

We prescribe to 90 day plans and believe that good days lead to good weeks, which lead to good months. This serves as a preview of the 90 day plan you will receive if you were to be hired in this role at Flock.

The First 30 Days

• Ramp on systems, architecture, and existing GRC processes
• Build relationships with Engineering, Security, and Legal
• Identify initial automation opportunities

The First 60 Days

• Begin implementing automation for control testing and evidence collection
• Contribute to audit readiness and ongoing compliance efforts
• Define KPIs/KRIs for risk visibility

90 Days & Beyond

• Deliver measurable improvements in GRC automation and efficiency
• Launch initial AI-assisted workflows
• Influence roadmap for long-term GRC engineering strategy using a crawl, walk, run approach

Salary & Equity

In this role, you'll receive a starting salary between $130,000 and $150,000 as well as Flock Stock Options. Base salary is determined by job-related experience, education/training, as well as market indicators. Your recruiter will discuss this in-depth with you during our first chat.

Location

We're building the impossible, together. To drive innovation through in-person collaboration, we're prioritizing candidates in our key hubs: Atlanta, Austin, Boston, Chicago, Denver, Los Angeles, New York City, and San Francisco. While we value the energy of our hub communities, we embrace remote work and welcome applications from exceptional talent across the United States.

The Perks

Flexible PTO : We offer non-accrual PTO, plus 11 company holidays.

Fully-paid health benefits plan for employees : including Medical, Dental, and Vision and an HSA match.

Family Leave : All employees receive 12 weeks of 100% paid parental leave. Birthing parents are eligible for an additional 6-8 weeks of physical recovery time.

Fertility & Family Benefits: We have partnered with Maven, a complete digital health benefit for starting and raising a family. Flock will provide a $50,000-lifetime maximum benefit related to eligible adoption, surrogacy, or fertility expenses.

Spring Health: Spring Health offers a variety of mental health benefits, including therapy, coaching, medication management, and digital tools, all tailored to each individual's needs.

Caregiver Support: We have partnered with Cariloop to provide our employees with caregiver support.

Carta Tax Advisor: Employees receive 1:1 sessions with Equity Tax Advisors who can address individual grants, model tax scenarios, and answer general questions.

ERGs: We want all employees to thrive and feel like they belong at Flock. We offer four ERGs today - Women of Flock, Flock Proud, LEOs and Melanin Motion. If you are interested in talking to a representative from one of these, please let your recruiter know.

WFH Stipend: $150 per month to cover the costs of working from home.

Productivity Stipend: $300 per year to use on Audible, Calm, Masterclass, Duolingo and so much more.

Home Office Stipend: A one-time $750 to help you create your dream office.

Flock is an equal opportunity employer. We celebrate diverse backgrounds and thoughts and welcome everyone to apply for employment with us. We are committed to fostering an environment that is inclusive, transparent, and collaborative. Mutual respect is central to how Flock operates, and we believe the best solutions come from diverse perspectives, experiences, and skills. We embrace our differences and know that we are stronger working together.

If you need assistance or an accommodation due to a disability, please email us at View email address on click.appcast.io. This information will be treated as confidential and used only to determine an appropriate accommodation for the interview process.

At Flock, we compensate our employees fairly for their work. Base salary is determined by job-related experience, education/training, as well as market indicators. The range above is representative of base salary only and does not include equity, sales bonus plans (when applicable) and benefits. This range may be modified in the future. This job posting may span more than one career level.


Flock is aware of fraudulent individuals and agencies falsely claiming to represent our company. All legitimate communication from Flock will come from an email address ending in @ flocksafety.com . We do not make job offers through messaging apps, social platforms, or unauthorized third parties, and we will never request payment or sensitive personal information during the hiring process. If you encounter suspicious outreach related to a Flock role, please report it to View email address on click.appcast.io